Cyber Threats to Our Economy

All of Wall Street is abuzz about stock brokerage Knight Capital, which was brought to the edge of bankruptcy by a software glitch. Seventeen-year-old Knight is one of the most trusted trading intermediaries for many of America’s largest mutual-fund companies and retail brokers. It could have all ended when, on August 1st, a software glitch caused a barrage of unintended trades, affecting the opening prices of more than 100 securities, with a particularly large impact on half a dozen shares. Knight was left with a hole in its accounts of $440 million and promptly saw most of its customers flee. Kudos to Knight’s management, which did superb damage control, righting technical problems, retaining skittish employees, pacifying regulators and luring back customers while securing a financing package compelling enough to restore confidence: a capital injection of $400 million in equity from a consortium of financial firms, including Jefferies Group, an investment bank; Blackstone, the private-equity giant; GETCO, a Chicago-based competitor; and two brokers, Stifel Financial and TD Ameritrade, in return for 70% of the equity of the firm. Employees with long-term equity incentives saw their stakes wiped out but the company was saved.

Knight’s near miss is a reminder of the seriousness of computer malfunctions. We saw glitches on Facebook’s first day of trading on the NASDAQ stock exchange (caused by an upgrade to the Nasdaq OMX platform) and a shaky debut for BATS Global Market on its own electronic exchange. Outside of Wall Street, a software bug caused Southwest Airlines to charge online customers several times over for the same flight.

Computer shutdowns are catastrophic because there are few insurance products to protect businesses from glitch-related losses. “If they’d had a fire in a server room, then that would have been covered,” says Robert Hartwig, president of the Insurance Information Institute, but such catastrophic losses from a software malfunction go beyond most comprehensive cyber insurance plans, which generally cover first-party business interruption losses and costs associated with hacking attacks. Part of the reason is that the rising number of costly data breaches is prompting insurance underwriters to re-examine cyber insurance plan coverage and policy rates. An industry study conducted by NetDiligence found insurance payments for data breaches climbed to an average of $3.7 million between 2006 and 2011, up more than 50 percent from $2.4 million for claims filed between 2000 and 2005.

“These incidents are certainly a wakeup call for software quality at these organizations,” says Eric Baize, senior director of the product security office at RSA, a division of EMC. “Updates now happen frequently on a weekly basis. It needs to be done increasingly in a time-pressured manner,” and developers often don’t get enough time